from django.shortcuts import render, redirect
from django.contrib.auth.hashers import make_password, check_password   # 课下练习
from . import models
import hashlib

# Create your views here.


def index(request):
    return render(request, 'index.html')


def login(request):
    if request.method == "GET":
        # 用户初次进入展示登录表单
        return render(request, 'login.html')
    elif request.method == "POST":
        context = {
            'message': ''
        }
        # 用户提交表单
        username = request.POST.get('username')
        password = request.POST.get('password')
        print(username, password)
        # 查询数据库     'select * from login_user where name=%s and password=%s' %(username, password)
        # 验证用户名和密码
        user = models.User.objects.filter(name=username).first()

        if user:
            if _hash_password(password) == user.hash_password:

            # if user.password == password:
                context['message'] = '登录成功'
                # 服务器设置sessionid和其他用户信息。sessionid(服务器给访问他的浏览器的身份证)自动生成的。
                request.session['is_login'] = True
                request.session['username'] = user.name
                request.session['userid'] = user.id
                return redirect('/index/')  # 返回的响应中包含set-cookie(sessionid='asdfj')，浏览器收到响应后会把sessionid存到cookie中。
            else:
                context['message'] = '密码不正确'
                return render(request, 'login.html', context=context)
        else:
            context['message'] = '未注册'
            return render(request, 'login.html', context=context)


def register(request):
    if request.method == 'GET':
        # 注册表单
        return render(request, 'register.html')
    elif request.method == 'POST':
        # 表单验证
        username = request.POST.get('username')
        password = request.POST.get('password')
        email = request.POST.get('email')
        # # 简单后端表单验证
        # if not username.strip() and password.strip() and email.strip():
        #     print('某个字段为空')
        #     return redirect('/register/', context={'message': '某个字段为空'})
        # if len(username) > 20 or len(password) > 20:
        #     print('用户名或密码长度不能超过20')
        # # 特殊字符串 eval \q &$

        # 写数据库
        user = models.User.objects.filter(email=email).first()
        if user:
            return render(request, 'register.html', context={'message': '用户已注册'})
        # insert into login_user(name, password, email) values(%s, %s, %s) % ('','','')

        # 加密密码
        hash_password = _hash_password(password)
        # 写入数据库
        try:
            user = models.User(name=username, password=password, hash_password=hash_password, email=email)
            user.save()
            return render(request, 'login.html', context={'message': '注册成功，请继续登录'})
        except Exception as e:
            print('保存失败', e)
            return redirect('/register')


def logout(request):
    """退出"""
    # # 未登录时不让走退出函数，防止黑客
    is_login = request.session.get('is_login', None)
    if not is_login:
        return redirect('/index/')

    # 清除session 退出
    request.session.flush()     # 清楚用户session_id对应的所有session_data
    # del request.session.user_id     # 清楚某个session键值
    return redirect('/index/')


def _hash_password(password):
    """哈希加密用户注册密码"""
    sha = hashlib.sha256()
    sha.update(password.encode(encoding='utf-8'))
    return sha.hexdigest()

# def _hash_password(password, salt='ddp'):
#     """哈希加密用户注册密码"""
#     salt = ''
#     for i in range(4):
#           salt += chr(random.randint(65,90)
#     sha = hashlib.sha256()
#     sha.update((password+salt).encode(encoding='utf-8'))
#     return '$ddp$' + sha.hexdigest()

# 数据库查询
# user = models.User.objects.filter(name=username,password=password).first()
